diff --git a/RELEASENOTES.html b/RELEASENOTES.html deleted file mode 100644 index a751215..0000000 --- a/RELEASENOTES.html +++ /dev/null @@ -1,594 +0,0 @@ - - - - - Squid 3.4.7 release notes - - -

Squid 3.4.7 release notes

- -

Squid Developers

-
-This document contains the release notes for version 3.4 of Squid. -Squid is a WWW Cache application developed by the National Laboratory -for Applied Network Research and members of the Web Caching community. -
-

-

1. Notice

- - -

-

2. Major new features since Squid-3.3

- - -

-

3. Changes to squid.conf since Squid-3.3

- - -

-

4. Changes to ./configure options since Squid-3.3

- - -

-

5. Regressions since Squid-2.7

- - - -
-

1. Notice

- -

The Squid Team are pleased to announce the release of Squid-3.4.7 for testing.

-

This new release is available for download from -http://www.squid-cache.org/Versions/v3/3.4/ or the -mirrors.

-

While this release is not deemed ready for production use, we believe it is ready for wider testing by the community.

-

We welcome feedback and bug reports. If you find a bug, please see -http://wiki.squid-cache.org/SquidFaq/BugReporting -for how to submit a report with a stack trace.

- -

1.1 Known issues -

- -

Although this release is deemed good enough for use in many setups, please note the existence of -open bugs against Squid-3.4.

- -

1.2 Changes since earlier releases of Squid-3.4 -

- -

The 3.4 change history can be -viewed here.

- - -

2. Major new features since Squid-3.3

- -

Squid 3.4 represents a new feature release above 3.3.

- -

The most important of these new features are: -

-

-

Most user-facing changes are reflected in squid.conf (see below).

- - -

2.1 Helper protocol extensions -

- -

Details at -http://wiki.squid-cache.org/Features/AddonHelpers.

- -

The Squid helper protocol used to communicate with authenticators, -URL-rewriters, Redirectors, and External ACL helpers has been updated -and extended.

- -

BH status code is now accepted from all helpers to report -internal error events separate from ERR rejection code. -Permitting Squid to perform recovery operations specific to -helper failure instead of a blanket client rejection.

- -

Arbitrary key-value pairs can be returned from any helper. -Allowing future helpers to be forward- and backward- compatible -with this and future versions of Squid.

- - -

2.2 SSL Server Certificate Validator -

- -

Details at -http://wiki.squid-cache.org/Features/SslServerCertValidator.

- -

The helper consulted after the internal OpenSSL validation, regardless of the -validation results. The helper will receive:

-

-

-

- -

If the helper decides to honor an OpenSSL error or report another validation -error(s), the helper will return:

-

-

-

- -

The returned information mimics what the internal OpenSSL-based validation code -collects now. Returned errors, if any, are fed to sslproxy_cert_error, -triggering the existing SSL error processing code.

- -

The helper invocation controlled by the sslcrtvalidator_program and -sslcrtvalidator_children configurations options which are similar to the -ssl_crtd related options.

- - -

2.3 Store-ID -

- -

Details at -http://wiki.squid-cache.org/Features/StoreID.

- -

This feature is a redesigned equivalent to the Squid-2.7 feature known as StoreURL-rewrite.

- -

Notice that this is not a direct portage of the Squid-2.7 feature so behaviour -differences do exist. Although the new feature works in similar enough ways that the old -helper scripts used for Squid-2.7 are expected to work in this and later versions of Squid.

- -

Squid traditionally uses the requested URL as an index key ID to locate objects in cache. -It is not the only key possible and the Store-ID feature exposes an API for external -helpers to provide Squid with an alternative key name for any URL.

- -

When any client request is received which requires a cache lookup the URL is passed to -a helper specified with the store_id_program directive to check for an alternative -Store ID. This allows the helper to identify URLs which refer to duplicate resources and -de-duplicate the cache content. store_id_access is provided to allow ACL-based -tuning of which traffic gets sent to the helper and reduce overheads.

- -

One subtle and noteworthy difference between Squid-2 and Squid-3 which is highlighted by -this feature is that refresh_pattern applies its regex argument against the Store -ID key and not the transaction URL. So using the Store-ID feature to alter the value -affects which refresh_pattern directive will be matched.

- -

Store-ID helpers bundled with Squid can be built with the --enable-storeid-rewrite-helpers -option which is added in this version. Currently there is a file helper -provided.

- - -

2.4 TPROXY Support for OpenBSD 5.1+ and FreeBSD 9+ -

- -

Details at -http://wiki.squid-cache.org/ConfigExamples/Intercept/OpenBsdPf.

- -

The Packet Filter (PF) firewall in OpenBSD 4.4 and later offers traffic interception -using several very simple methods. One of which is the divert-to rule type -which acts as a simple routing diversion instead of performing NAT packet alterations.

- -

The IP Firewall (IPFW) on FreeBSD 9+ contains a port of the Linux Netfilter TPROXY feature.

- -

This version of Squid adds support for these features through the ./configure -options --enable-pf-transparent and --enable-ipfw-transparent when Squid is built on -systems with the required support. No special extras are required to enable -http_port ... tproxy configuration to work.

- -

NOTE: To resolve NAT lookup issues on recent PF firewall versions the code behind -./configure --enable-pf-transparent has been altered and is expected to -break on the version of PF firewall shipped with BSD systems such as NetBSD and FreeBSD -which do not yet support the getsockname() API. -These systems require --with-nat-devpf to enable /dev/pf support when using PF firewall.

- - -

2.5 Transaction Annotations -

- -

Previously the only annotation methods available were ICAP/eCAP HTTP header insertions -or external ACL tag= result code. Each of which had only limited possibilities -for use and little or no correlation.

- -

It is now possible to add annotations to a client transaction from several sources: -

-

- -

Annotations on the transaction can be passed to ICAP services or eCAP modules using the -adaptation_meta directive to send them as headers. -They can also be logged using the %note log format code in custom logs. With -the new helper response syntax changes this means all helper response key=value details -such as URL-rewrite or store-id changes, external ACL tag etc. are now able to be logged.

- -

Annotations which are already assigned to a transaction can be checked using an ACL test -of the new note ACL type. This can match a particular note by name and value, -of for any notes with a given name.

- -

NOTE: not all helper interfaces are yet enabled to convert key=value into annotations -and the external ACL interface does not yet send annotations to the helper.

- - -

2.6 Multicast DNS -

- -

The internal DNS component of Squid now supports multicast DNS (mDNS) resolution in -accordance with RFC 6762.

- -

The dns_multicast_local directive must be set to on to enable this -feature.

- -

The multicast DNS group IP addresses for IPv4 and IPv6 resolving are added to the set -of available DNS resolvers and used automatically for domain names ending in .local -and reverse-DNS lookups before attempting a secondary resolution on the configured -resolvers. Domains without .local are resolved using only the configured resolvers.

- -

Statistics for multicast DNS resolution can be found on the idns cache manager -report.

- -

NOTE that the external DNS helper interface is now deprecated and has been -removed from future Squid versions. Any installations still using it for local hostname -resolution need to upgrade to mDNS resolution with this Squid version.

- - -

3. Changes to squid.conf since Squid-3.3

- -

There have been changes to Squid's configuration file since Squid-3.3.

- -

Squid supports reading configuration option parameters from external -files using the syntax parameters("/path/filename"). For example: -

-    acl whitelist dstdomain parameters("/etc/squid/whitelist.txt")
-
-

- -

There have also been changes to individual directives in the config file.

-

This section gives a thorough account of those changes in three categories:

-

-

-

- - -

3.1 New tags -

- -

-

-
configuration_includes_quoted_values
-

Whether Squid supports directive parameters with spaces, quotes, and other -special characters. Surround such parameters with "double quotes" and -also set this directive on/off around the relevant squid.conf line(s) -making use of such quoting.

- -
dns_multicast_local
-

Use multicast DNS for .local domains and reverse-DNS resolution.

- -
note
-

Use ACLs to annotate a transaction with customized annotations -which can be logged in access.log

- -
spoof_client_ip
-

Access control to determine whether to disable the TPROXY spoofing on upstream traffic.

- -
sslcrtvalidator_children
-

Specifies the settings for how many SSL server certificate -validator helpers are run and when they are started.

- -
sslcrtvalidator_program
-

Specifies the location of a SSL server certificate validator helper.

- -
store_id_access
-

Whether the URL for a given request is passed to the Store-ID helper process. -Used to improve StoreID performance by quickly eliminating helper delays using ACL tests.

-

Ported equivalent to storeurl_access from 2.7

- -
store_id_bypass
-

Whether the StoreID helper may be bypassed when overloaded.

- -
store_id_children
-

Controls the number of StoreID helper processes.

-

Options startup=N, idle=N, concurrency=N -

-

- -
store_id_rewrite_program
-

A helper program to provide cache storage internal key ID value for a request.

-

Ported equivalent to storeurl_rewrite_program from 2.7

- -
-

- -

3.2 Changes to existing tags -

- -

-

-
access_log
-

Configuration syntax extended to support name=value options. -New Syntax: access_log module:place [option ...] [acl ...]

-

New option logformat= to specify the logging format name.

-

New option buffer-size= to specify how large the log buffer -for this log is to be when buffered_logs is enabled.

-

New option on-error= to specify what handling is to be done -if the logging module encounters a non-recoverable error writing logs. -With the value die (the default) Squid halts operation. -With the value drop Squid drops log lines and continue running.

- -
acl
-

New test type server_cert_fingerprint to match against -server SSL certificate fingerprint.

-

New test type note to match against transaction annotations -by name and value, or just by name.

-

New test type any-of to match if any one of a set of named ACLs.

-

New test type all-of to match against all of a set of named ACLs.

- -
auth_param
-

New result code BH to signal helper internal errors -available in all authentication schemes.

-

New key message= for error message details in all authentication schemes.

-

New result code OK and key ha1= in Digest authentication.

-

New result codes OK, ERR replace result codes AF, -and NA in NTLM and Negotiate authentication.

-

New key token= for NTLM and Negotiate authentication OK responses.

-

Details at -http://wiki.squid-cache.org/Features/AddonHelpers.

- -
external_acl_type
-

Deprecated protocol=3.0 option. No longer necessary.

-

New result code BH to signal helper internal errors

-

Details at -http://wiki.squid-cache.org/Features/AddonHelpers.

- -
http_port
-

Support IPv6 for intercept mode. Requires ip6tables support on Linux, -PF support on OpenBSD and IPFW support on FreeBSD. Squid will no longer complain -about misconfiguration if IPv6 support is missing, we now rely on the firewall -tools reporting misconfiguration when the NAT rules are created.

-

Support tproxy mode traffic on BSD systems with BINDANY support -(OpenBSD 5+, FreeBSD 9+ so far).

-

Changed build options behind intercept traffic mode handling on BSD. -see --enable-pf-transparent for more details.

- -
logformat
-

New format code %note to log a transaction annotation linked to the -transaction by ICAP, eCAP, a helper, or the note squid.conf directive.

-

New format code %>qos to log client connection TOS/DSCP value set by Squid.

-

New format code %<qos to log server connection TOS/DSCP value set by Squid.

-

New format code %>nfmark to log client connection netfilter mark set by Squid.

-

New format code %<nfmark to log server connection netfilter mark set by Squid.

- -
pipeline_prefetch
-

Updated to take a numeric count of prefetched pipeline requests instead of ON/OFF.

- -
refresh_pattern
-

NOTE: the regular expression pattern operates on the cache Store-ID value. -Which by default is identical to the requested URL, but may differ for some -objects if the Store-ID feature is in use.

- -
unlinkd_program
-

New helper response format utilizing result codes OK and BH, -to signal helper lookup results. Also, key-value response values to return -multiple values to Squid.

-

Details at -http://wiki.squid-cache.org/Features/AddonHelpers.

- -
url_rewrite_program
-

New helper response format utilizing result codes OK, ERR, -and BH to signal helper lookup results. Also, key-value response -values to return multiple values to Squid.

-

Details at -http://wiki.squid-cache.org/Features/AddonHelpers.

- -
-

- -

3.3 Removed tags -

- -

-

-
storeurl_access
-

Replaced by store_id_access.

- -
storeurl_rewrite_children
-

Replaced by store_id_children.

- -
storeurl_rewrite_concurrency
-

Replaced by store_id_children with concurrency=N option.

- -
storeurl_rewrite_program
-

Replaced by store_id_program.

- -
-

- - -

4. Changes to ./configure options since Squid-3.3

- -

There have been some changes to Squid's build configuration since Squid-3.3.

-

This section gives an account of those changes in three categories:

-

-

-

- - -

4.1 New options -

- -

-

-
--enable-storeid-rewrite-helpers
-

New option to control which Store-ID helpers are built. As with other -helper options use --disable-* to prevent any helpers building and -omit to get all helper auto-detected.

-

Currenly only a helper using file for backend is provided.

- -
--disable-arch-native
-

New option to disable use of -march=native compiler flag.

-

The new flag auto-enables CPU-specific optimizations in GCC and is -required by Clang++ v3.2 for correct 64-bit environment detection. -It does not always work well however, so this build option is provided -to remove it when necessary.

- -
--with-nat-devpf
-

New option to alter the behaviour of http_port ... intercept option -in squid.conf.

-

When this option is used Squid performs the /dev/pf lookups required to -support PF rdr-to rules. Otherwise Squid will perform perform the -getsockname() API calls to support PF divert-to rules.

-

NOTE: systems such as NetBSD and FreeBSD which do not yet support -the getsockname() API in recent PF versions require this option.

- -
-

- -

4.2 Changes to existing options -

- -

-

-
--enable-pf-transparent
-

NAT table support updated to use the getsockname() API provided by the -latest PF versions divert-to. This allows http_port -in squid.conf to support both intercept and tproxy traffic -and to silence NAT lookup failure messages on recent BSD.

-

NOTE: systems such as NetBSD and FreeBSD which do not yet support -the getsockname() API in recent PF versions require --with-nat-devpf -to re-enable /dev/pf support when using PF firewall.

- -
--disable-translation
-

Default changed to prevent translating error page templates during build. -Use --enable-translation to explicitly build and install the templates.

-

The latest pre-translated templates can be downloaded from -http://www.squid-cache.org/Versions/langpack/

- -
-

-

4.3 Removed options -

- -

-

-

There are no removed ./configure options in Squid-3.4.

- -
-

- - -

5. Regressions since Squid-2.7

- -

Some squid.conf options which were available in Squid-2.7 are not yet available in Squid-3.4

- -

If you need something to do then porting one of these from Squid-2 to Squid-3 is most welcome.

- -

5.1 Missing squid.conf options available in Squid-2.7 -

- -

-

-
broken_vary_encoding
-

Not yet ported from 2.6

- -
cache_dir
-

COSS storage type is lacking stability fixes from 2.6

-

COSS overwrite-percent= option not yet ported from 2.6

-

COSS max-stripe-waste= option not yet ported from 2.6

-

COSS membufs= option not yet ported from 2.6

-

COSS maxfullbufs= option not yet ported from 2.6

- -
cache_peer
-

idle= not yet ported from 2.7

-

monitorinterval= not yet ported from 2.6

-

monitorsize= not yet ported from 2.6

-

monitortimeout= not yet ported from 2.6

-

monitorurl= not yet ported from 2.6

- -
cache_vary
-

Not yet ported from 2.6

- -
collapsed_forwarding
-

Not yet ported from 2.6

- -
error_map
-

Not yet ported from 2.6

- -
external_refresh_check
-

Not yet ported from 2.7

- -
location_rewrite_access
-

Not yet ported from 2.6

- -
location_rewrite_children
-

Not yet ported from 2.6

- -
location_rewrite_concurrency
-

Not yet ported from 2.6

- -
location_rewrite_program
-

Not yet ported from 2.6

- -
refresh_pattern
-

stale-while-revalidate= not yet ported from 2.7

-

ignore-stale-while-revalidate= not yet ported from 2.7

-

negative-ttl= not yet ported from 2.7

- -
refresh_stale_hit
-

Not yet ported from 2.7

- -
update_headers
-

Not yet ported from 2.7

- -
-

- - - diff --git a/squid-3.4.10.tar.bz2 b/squid-3.4.10.tar.bz2 new file mode 100644 index 0000000..6a1503e --- /dev/null +++ b/squid-3.4.10.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:5a971c4f5404113bd0264d13137cd5f326b58ef20c17beae836036668aeabc97 +size 3043193 diff --git a/squid-3.4.10.tar.bz2.asc b/squid-3.4.10.tar.bz2.asc new file mode 100644 index 0000000..2dcf177 --- /dev/null +++ b/squid-3.4.10.tar.bz2.asc @@ -0,0 +1,20 @@ +File: squid-3.4.10.tar.bz2 +Date: Tue Dec 9 17:23:33 UTC 2014 +Size: 3043193 +MD5 : 326283b0c37e7dc9b2f90dc0ecd9a8a4 +SHA1: a04ab50971e1a446fe82514fff830898661c6fad +Key : 0xFF5CF463 + fingerprint = EA31 CC5E 9488 E516 8D2D CC5E B268 E706 FF5C F463 + keyring = http://www.squid-cache.org/pgp.asc + keyserver = subkeys.pgp.net +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1 + +iQEcBAABAgAGBQJUhzBbAAoJELJo5wb/XPRjUCIH/3hfJgMi/iKRZpedeFjQhstf +twbTxrtW1x+Er6J3pswPUIbLcYARHhsTpfYHAatleE1Ccl9b16FXSMSXobHpmrab +YR1q/N/W3QwgqH3D2a2m8eUNJTWxTeZ1xYeGzHJK7sgKfaBbt/JlYfs8nh7ekdkV +GjHzHa3IDuq5VX4Pra6riCW9NjAvUo8oaesU3ZRjV9fECbZ2XMqvrxHq7V7bGOgx +sU1gsRjlgsAZeFDiEXz+Dww2RBh46/gUwJZwO/uTYmJjPzr4hFb1PLwEVL4+auv2 +uS8lta6K9ZpIXPXaKj0zntG1Z+5X77SoLoTQMq06PpLlGpDjYMDzcs25mCyU1R0= +=Ooir +-----END PGP SIGNATURE----- diff --git a/squid-3.4.9.tar.bz2 b/squid-3.4.9.tar.bz2 deleted file mode 100644 index 8d8525b..0000000 --- a/squid-3.4.9.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:42f2ffbfed6679e1e4ba9a29088495c088ff76cc2517d22d5fb792e2b802ce66 -size 3043750 diff --git a/squid-3.4.9.tar.bz2.asc b/squid-3.4.9.tar.bz2.asc deleted file mode 100644 index b65df61..0000000 --- a/squid-3.4.9.tar.bz2.asc +++ /dev/null @@ -1,20 +0,0 @@ -File: squid-3.4.9.tar.bz2 -Date: Fri Oct 31 10:20:30 UTC 2014 -Size: 3043750 -MD5 : bb8ecbee8fa9fa8659b4349a78696fe7 -SHA1: a356cadc324d91c41119f96a7d1a20330866c1ac -Key : 0xFF5CF463 - fingerprint = EA31 CC5E 9488 E516 8D2D CC5E B268 E706 FF5C F463 - keyring = http://www.squid-cache.org/pgp.asc - keyserver = subkeys.pgp.net ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1 - -iQEcBAABAgAGBQJUU3UxAAoJELJo5wb/XPRjhKUH/0flnkcc6gTQzh7Vh/kusCFk -pC/sfpt0mrZeZZQxAYS/wJFIym5jo8PkiKrvC2ZgOHchpVlGC3hLn2ENqbzR6VEv -L5V7M1XGJdgC1ynjj+H9ML4PBmV1E/XfakkOgnhY+3of32DrmuCN8CFuB5iGNcdH -xHwzXGSeyJkDUjZObourtT2h64Rc12cARz/yXgsq2YKAhf0EM8+rld5Xm40kOWsX -Vci/kvw3RkXuhMMwrL9jzxv8z5/nrsDHbHmwXy3mw2k0G9AmzbKx8ykdoABG/MH5 -awuHT1MNFQp5IBr6LisM++2BILjb3UNiyp3lhDtXCHbTo6RCik7jUvEih57koqI= -=BI4b ------END PGP SIGNATURE----- diff --git a/squid.changes b/squid.changes index 8096b78..5d99c67 100644 --- a/squid.changes +++ b/squid.changes @@ -1,3 +1,24 @@ +------------------------------------------------------------------- +Fri Jan 9 10:19:10 UTC 2015 - tchvatal@suse.com + +- Cleanup with spec-cleaner +- Version bump to 3.4.10: + * Fix bootstrap.sh dependency on SPONSORS.list + * HTTP/2: Support 421 (Misdirected Request) status code + * Alternate-Protocol is a hop-by-hop header + * Bug #4148: external_acl_type header format does not accept the new libformat syntax + * Bug #4033: Rebuild corrupted ssl_db/size file + * Bug #3902: Docs: external_acl_type cache hash key + * Bug #4145: squid_endian.h compile errors with OpenBSD 5.6 + * Fix segmentation fault in ACLUrlPathStrategy::match +- Remove support for other distros as we build for opensuse anyway + +------------------------------------------------------------------- +Fri Jan 2 16:07:38 UTC 2015 - boris@steki.net + +- remove permissions.easy and permissions.paranoid files from package + as they are not used any more + ------------------------------------------------------------------- Tue Dec 9 12:42:48 UTC 2014 - boris@steki.net diff --git a/squid.init b/squid.init deleted file mode 100644 index cb400db..0000000 --- a/squid.init +++ /dev/null @@ -1,201 +0,0 @@ -#!/bin/sh -# Copyright (c) 1996, 1997, 1998 S.u.S.E. GmbH -# Copyright (c) 1998, 1999, 2000, 2001 SuSE GmbH -# Copyright (c) 2002 SuSE Linux AG -# -# Author: Frank Bodammer, Peter Poeml, Klaus Singvogel -# -# /etc/init.d/squid -# and its symbolic link -# /(usr/)sbin/rcsquid -# -### BEGIN INIT INFO -# Provides: squid -# Required-Start: $local_fs $remote_fs $network $time -# Should-Start: apache $named winbind -# Required-Stop: $local_fs $remote_fs $network $time -# Should-Stop: apache $named winbind -# Default-Start: 3 5 -# Default-Stop: 0 1 2 6 -# Short-Description: Squid web cache -# Description: Start the Squid web cache, providing -# HTTP, FTP and other proxy services -### END INIT INFO -# -# Note on runlevels: -# 0 - halt/poweroff 6 - reboot -# 1 - single user 2 - multiuser without network exported -# 3 - multiuser w/ network (text mode) 5 - multiuser w/ network and X11 (xdm) - - -# Check for missing binaries (stale symlinks should not happen) -# Note: Special treatment of stop for LSB conformance -SQUID_BIN=/usr/sbin/squid -test -x $SQUID_BIN || { echo "$SQUID_BIN not installed"; - if [ "$1" = "stop" ]; then exit 0; - else exit 5; fi; } - -# Check for existence of needed config file and read it -SQUID_SYSCONFIG=/etc/sysconfig/squid -test -r $SQUID_SYSCONFIG || { echo "$SQUID_SYSCONFIG not existing"; - if [ "$1" = "stop" ]; then exit 0; - else exit 6; fi; } - -# Read config -. $SQUID_SYSCONFIG - -SQUID_PID=/var/run/squid.pid -SQUID_CONF=/etc/squid/squid.conf -SQUID_S_T=${SQUID_SHUTDOWN_TIMEOUT:="60"} -SQUID_OPTS=${SQUID_START_OPTIONS:="-sY"} -SQUID_ULIMIT=${SQUID_DEFAULT_ULIMT:="4096"} - -# determine which one is the cache_swap directory -SQUID_CACHE_DIR=$(perl -n -e \ - '/^cache_dir\s+\S+\s+(.*)\s+\d+\s+\d+\s+\d+/ && print "$1"' $SQUID_CONF) - -ulimit -n "$SQUID_ULIMIT" - -#IN: $SQUID_CACHE_DIR -setup_squid_cache_dir(){ - for adir in "$1" ; do - if [ ! -d $adir/00 ]; then # create missing cache directories - umask 027 # prevent users reading any cache data - echo -n " ($adir)" - $SQUID_BIN -z -F > /dev/null 2>&1 - fi - if [ ! -d $adir/00 ]; then - echo " - failed while creating cache_dir ! " - rc_failed - rc_status -v - rc_exit - fi - done - sleep 2 -} - -# Shell functions sourced from /etc/rc.status: -# rc_check check and set local and overall rc status -# rc_status check and set local and overall rc status -# rc_status -v be verbose in local rc status and clear it afterwards -# rc_status -v -r ditto and clear both the local and overall rc status -# rc_status -s display "skipped" and exit with status 3 -# rc_status -u display "unused" and exit with status 3 -# rc_failed set local and overall rc status to failed -# rc_failed set local and overall rc status to -# rc_reset clear both the local and overall rc status -# rc_exit exit appropriate to overall rc status -# rc_active checks whether a service is activated by symlinks -. /etc/rc.status - -# Reset status of this service -rc_reset - - -case "$1" in - start) - echo -n "Starting WWW-proxy squid " - if /sbin/checkproc $SQUID_BIN ; then - echo -n "- Warning: squid already running ! " - rc_failed - else - [ -e $SQUID_PID ] && echo -n "- Warning: $SQUID_PID exists ! " - if [ -n "$SQUID_CACHE_DIR" -a -d "$SQUID_CACHE_DIR" ]; then - setup_squid_cache_dir "$SQUID_CACHE_DIR" - fi - fi - startproc -l /var/log/squid/rcsquid.log $SQUID_BIN "$SQUID_OPTS" - - # Remember status and be verbose - rc_status -v - ;; - stop) - echo -n "Shutting down WWW-proxy squid " - if /sbin/checkproc $SQUID_BIN ; then - $SQUID_BIN -k shutdown - sleep 2 - if [ -e $SQUID_PID ] ; then - echo -n "- wait a minute or two... " - i="$SQUID_S_T" - while [ -e $SQUID_PID ] && [ $i -gt 0 ] ; do - sleep 2 - i=$[$i-1] - echo -n "." - [ $i -eq 41 ] && echo - done - fi - if /sbin/checkproc $SQUID_BIN ; then - killproc -TERM $SQUID_BIN - echo -n " Warning: squid killed !" - fi - else - echo -n "- Warning: squid not running ! " - rc_failed 7 - fi - - # Remember status and be verbose - rc_status -v - ;; - try-restart) - $0 status >/dev/null && $0 restart - - # Remember status and be quiet - rc_status - ;; - restart) - $0 stop - $0 start - - # Remember status and be quiet - rc_status - ;; - force-reload) - $0 reload - - # Remember status and be quiet - rc_status - ;; - reload) - echo -n "Reloading WWW-proxy squid " - if /sbin/checkproc $SQUID_BIN ; then - $SQUID_BIN -k rotate - sleep 2 - $SQUID_BIN -k reconfigure - rc_status - else - echo -n "- Warning: squid not running ! " - rc_failed 7 - fi - - # Remember status and be verbose - rc_status -v - ;; - status) - echo -n "Checking for WWW-proxy squid " - ## Check status with checkproc(8), if process is running - ## checkproc will return with exit status 0. - - # Return value is slightly different for the status command: - # 0 - service up and running - # 1 - service dead, but /var/run/ pid file exists - # 2 - service dead, but /var/lock/ lock file exists - # 3 - service not running (unused) - # 4 - service status unknown :-( - # 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.) - - # NOTE: checkproc returns LSB compliant status values. - /sbin/checkproc $SQUID_BIN - - # Remember status and be verbose - rc_status -v - ;; - probe) - test $SQUID_CONF -nt $SQUID_PID && echo reload - ;; - *) - echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}" - exit 1 - ;; -esac -rc_exit - diff --git a/squid.init.rh b/squid.init.rh deleted file mode 100644 index 15cb5b9..0000000 --- a/squid.init.rh +++ /dev/null @@ -1,187 +0,0 @@ -#!/bin/bash -# chkconfig: - 90 25 -# pidfile: /var/run/squid.pid -# config: /etc/squid/squid.conf -# -### BEGIN INIT INFO -# Provides: squid -# Short-Description: starting and stopping Squid Internet Object Cache -# Description: Squid - Internet Object Cache. Internet object caching is \ -# a way to store requested Internet objects (i.e., data available \ -# via the HTTP, FTP, and gopher protocols) on a system closer to the \ -# requesting site than to the source. Web browsers can then use the \ -# local Squid cache as a proxy HTTP server, reducing access time as \ -# well as bandwidth consumption. -### END INIT INFO - - -PATH=/usr/bin:/sbin:/bin:/usr/sbin -export PATH - -# Source function library. -. /etc/rc.d/init.d/functions - -# Source networking configuration. -. /etc/sysconfig/network - -if [ -f /etc/sysconfig/squid ]; then - . /etc/sysconfig/squid -fi - -# don't raise an error if the config file is incomplete -# set defaults instead: -SQUID_OPTS=${SQUID_OPTS:-""} -SQUID_PIDFILE_TIMEOUT=${SQUID_PIDFILE_TIMEOUT:-20} -SQUID_SHUTDOWN_TIMEOUT=${SQUID_SHUTDOWN_TIMEOUT:-100} -SQUID_CONF=${SQUID_CONF:-"/etc/squid/squid.conf"} -SQUID_PIDFILE_DIR="/var/run/squid" -SQUID_USER="squid" -SQUID_DIR="squid" - -# determine the name of the squid binary -[ -f /usr/sbin/squid ] && SQUID=squid - -prog="$SQUID" - -# determine which one is the cache_swap directory -CACHE_SWAP=`sed -e 's/#.*//g' $SQUID_CONF | \ - grep cache_dir | awk '{ print $3 }'` - -RETVAL=0 - -probe() { - # Check that networking is up. - [ ${NETWORKING} = "no" ] && exit 1 - - [ `id -u` -ne 0 ] && exit 4 - - # check if the squid conf file is present - [ -f $SQUID_CONF ] || exit 6 -} - -start() { - # Check if $SQUID_PIDFILE_DIR exists and if not, lets create it and give squid permissions. - if [ ! -d $SQUID_PIDFILE_DIR ] ; then mkdir $SQUID_PIDFILE_DIR ; chown -R $SQUID_USER.$SQUID_DIR $SQUID_PIDFILE_DIR; fi - probe - - parse=`$SQUID -k parse -f $SQUID_CONF 2>&1` - RETVAL=$? - if [ $RETVAL -ne 0 ]; then - echo -n $"Starting $prog: " - echo_failure - echo - echo "$parse" - return 1 - fi - for adir in $CACHE_SWAP; do - if [ ! -d $adir/00 ]; then - echo -n "init_cache_dir $adir... " - $SQUID -z -F -f $SQUID_CONF >> /var/log/squid/squid.out 2>&1 - fi - done - echo -n $"Starting $prog: " - $SQUID $SQUID_OPTS -f $SQUID_CONF >> /var/log/squid/squid.out 2>&1 - RETVAL=$? - if [ $RETVAL -eq 0 ]; then - timeout=0; - while : ; do - [ ! -f /var/run/squid.pid ] || break - if [ $timeout -ge $SQUID_PIDFILE_TIMEOUT ]; then - RETVAL=1 - break - fi - sleep 1 && echo -n "." - timeout=$((timeout+1)) - done - fi - [ $RETVAL -eq 0 ] && touch /var/lock/subsys/$SQUID - [ $RETVAL -eq 0 ] && echo_success - [ $RETVAL -ne 0 ] && echo_failure - echo - return $RETVAL -} - -stop() { - echo -n $"Stopping $prog: " - $SQUID -k check -f $SQUID_CONF >> /var/log/squid/squid.out 2>&1 - RETVAL=$? - if [ $RETVAL -eq 0 ] ; then - $SQUID -k shutdown -f $SQUID_CONF & - rm -f /var/lock/subsys/$SQUID - timeout=0 - while : ; do - [ -f /var/run/squid.pid ] || break - if [ $timeout -ge $SQUID_SHUTDOWN_TIMEOUT ]; then - echo - return 1 - fi - sleep 2 && echo -n "." - timeout=$((timeout+2)) - done - echo_success - echo - else - echo_failure - if [ ! -e /var/lock/subsys/$SQUID ]; then - RETVAL=0 - fi - echo - fi - rm -rf $SQUID_PIDFILE_DIR/* - return $RETVAL -} - -reload() { - $SQUID $SQUID_OPTS -k reconfigure -f $SQUID_CONF -} - -restart() { - stop - rm -rf $SQUID_PIDFILE_DIR/* - start -} - -condrestart() { - [ -e /var/lock/subsys/squid ] && restart || : -} - -rhstatus() { - status $SQUID && $SQUID -k check -f $SQUID_CONF -} - - -case "$1" in -start) - start - ;; - -stop) - stop - ;; - -reload|force-reload) - reload - ;; - -restart) - restart - ;; - -condrestart|try-restart) - condrestart - ;; - -status) - rhstatus - ;; - -probe) - probe - ;; - -*) - echo $"Usage: $0 {start|stop|status|reload|force-reload|restart|try-restart|probe}" - exit 2 -esac - -exit $? diff --git a/squid.logrotate b/squid.logrotate index 45fa5f6..d432dc1 100644 --- a/squid.logrotate +++ b/squid.logrotate @@ -1,4 +1,5 @@ /var/log/squid/access.log /var/log/squid/store.log /var/log/squid/cache.log { + su squid squid compress dateext maxage 365 diff --git a/squid.permissions.easy b/squid.permissions.easy deleted file mode 100644 index 275897d..0000000 --- a/squid.permissions.easy +++ /dev/null @@ -1,5 +0,0 @@ -/var/cache/squid/ squid:root 750 -/var/log/squid/ squid:root 750 -/usr/sbin/pinger root:squid 750 - +capabilities cap_net_raw=ep -/usr/sbin/basic_pam_auth root:shadow 2750 diff --git a/squid.permissions.paranoid b/squid.permissions.paranoid deleted file mode 100644 index bf26c3c..0000000 --- a/squid.permissions.paranoid +++ /dev/null @@ -1,5 +0,0 @@ -/var/cache/squid/ squid:root 750 -/var/log/squid/ squid:root 750 -/usr/sbin/pinger root:squid 750 - +capabilities cap_net_raw=ep -/usr/sbin/basic_pam_auth root:root 755 diff --git a/squid.spec b/squid.spec index 70c1fc6..3238f34 100644 --- a/squid.spec +++ b/squid.spec @@ -1,7 +1,7 @@ # # spec file for package squid # -# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,42 +17,23 @@ %define squidlibdir %{_libdir}/squid -%define squidconfdir /etc/squid -#define snap -20131225-r13064 - +%define squidconfdir %{_sysconfdir}/squid Name: squid +Version: 3.4.10 +Release: 0 Summary: A fully featured HTTP/1.0 proxy License: GPL-2.0+ Group: Productivity/Networking/Web/Proxy -Version: 3.4.9 -Release: 0 Url: http://www.squid-cache.org/Versions/v3/3.4 Source0: http://www.squid-cache.org/Versions/v3/3.4/%{name}-%{version}.tar.bz2 Source1: http://www.squid-cache.org/Versions/v3/3.4/%{name}-%{version}.tar.bz2.asc -Source2: RELEASENOTES.html -Source3: squid.init Source4: squid.sysconfig Source5: pam.squid Source6: unsquid.pl Source7: %{name}.logrotate -###Source9: %%{name}.permissions.easy Source10: README.kerberos Source11: %{name}.service Source13: %{name}.keyring -Source14: squid.init.rh -###Source15: %%{name}.permissions.paranoid - -# -# the following patches are downloaded directly from the webserver -# don't change the names for easier identification -# -# please read every file if there is interest about what the patch changes -# or just visit: http://www.squid-cache.org/Versions/v3/3.2/changesets/ -# -# -# Upstream patch -# Patch0: - # do not show some rpmlint warnings Source99: squid-rpmlintrc # some useful defaults for squid @@ -64,87 +45,49 @@ Patch101: %{name}-nobuilddates.patch Patch102: %{name}-compiled_without_RPM_OPT_FLAGS.patch # patch fixes kerberos principalname handling (http://bugs.squid-cache.org/show_bug.cgi?id=4042) Patch103: squid-brokenad.patch - -BuildRoot: %{_tmppath}/%{name}-%{version}-build -%if 0%{?suse_version} -PreReq: %fillup_prereq -PreReq: %insserv_prereq -PreReq: /usr/bin/getent -PreReq: permissions -PreReq: pwdutils -%else -Requires(pre): shadow-utils -Requires(post): /sbin/chkconfig -Requires(preun): /sbin/service /sbin/chkconfig -Requires(postun): /sbin/service -%endif -BuildRequires: db-devel -# needed by bootstrap.sh BuildRequires: cyrus-sasl-devel +BuildRequires: db-devel BuildRequires: ed BuildRequires: expat -%if 0%{?suse_version} || 0%{?fedora_version} > 8 BuildRequires: fdupes -%endif BuildRequires: gcc-c++ BuildRequires: krb5-devel BuildRequires: libcap-devel BuildRequires: libexpat-devel -%if 0%{?suse_version} <= 1140 -BuildRequires: libtool -%else BuildRequires: libtool >= 2.4 -%endif BuildRequires: openldap2-devel BuildRequires: opensp-devel BuildRequires: openssl-devel BuildRequires: pam-devel BuildRequires: pkgconfig BuildRequires: sharutils -%if 0%{?suse_version} < 1220 -BuildRequires: libxml2-devel -%else -BuildRequires: pkgconfig(libxml-2.0) -%endif - -%if 0%{?suse_version} >= 1210 BuildRequires: systemd -%{?systemd_requires} -%define has_systemd 1 -%endif - +BuildRequires: pkgconfig(libxml-2.0) Requires: logrotate Requires: sed -Provides: http_proxy - -# due to package rename -# Wed Aug 15 17:40:30 UTC 2012 +Requires(post): %fillup_prereq +Requires(pre): %insserv_prereq +Requires(pre): %{_bindir}/getent +Requires(pre): permissions +Requires(pre): pwdutils Provides: %{name}3 = %{version} +Provides: http_proxy Obsoletes: %{name}3 < %{version} +BuildRoot: %{_tmppath}/%{name}-%{version}-build +%{?systemd_requires} %description -Squid is a fully-featured HTTP/1.0 proxy which is almost (but not quite - we're getting there!) a fully-featured HTTP/1.1 proxy. Squid offers a rich access control, authorization and logging environment to develop web proxy and content serving applications. Squid offers a rich set of traffic optimization options, most of which are enabled by default for simpler installation and high performance. - -Squid 3.4 represents a new feature release above 3.3. - -The most important of these new features are: - - * Helper protocol extensions - * SSL Server Certificate Validator - * Store-ID - * TPROXY Support for OpenBSD 5.1+ and FreeBSD 9+ - * Transaction Annotations - * Multicast DNS +Squid is a fully-featured HTTP/1.0 proxy which is almost a fully-featured +HTTP/1.1 proxy. Squid offers a rich access control, authorization and logging +environment to develop web proxy and content serving applications. +Squid offers a rich set of traffic optimization options, most of which are +enabled by default for simpler installation and high performance. %prep -#setup -q -n %{name}-%{version}%{snap} -%setup -q -n %{name}-%{version} -cp %{S:10} . -# upstream patches after RELEASE -# -##### other patches +%setup -q +cp %{SOURCE10} . %patch100 -perl -p -i -e 's|/usr/local/bin/perl|/usr/bin/perl|' `find -name "*.pl"` +perl -p -i -e 's|%{_prefix}/local/bin/perl|%{_bindir}/perl|' `find -name "*.pl"` chmod a-x CREDITS %patch101 %patch102 @@ -157,19 +100,12 @@ export LDFLAGS='-Wl,-z,relro,-z,now -pie' %configure \ --disable-strict-error-checking \ --sysconfdir=%{squidconfdir} \ - --libexecdir=/usr/sbin \ - --datadir=/usr/share/squid \ - --sharedstatedir=/var/squid \ - --with-logdir=/var/log/squid \ -%if 0%{?has_systemd} + --libexecdir=%{_sbindir} \ + --datadir=%{_datadir}/squid \ + --sharedstatedir=%{_localstatedir}/squid \ + --with-logdir=%{_localstatedir}/log/squid \ --with-pidfile=/run/squid.pid \ -%else - --with-pidfile=/var/run/squid.pid \ -%endif --with-dl \ -%if 0%{?suse_version} <= 1140 - --with-included-ltdl \ -%endif --enable-disk-io \ --enable-storeio \ --enable-removal-policies=heap,lru \ @@ -214,7 +150,7 @@ make SAMBAPREFIX=/usr %{?_smp_mflags} %install %{_sbindir}/groupadd -g 31 -r %{name} 2>/dev/null || : -%{_sbindir}/useradd -c "WWW-proxy squid" -d /var/cache/%{name} \ +%{_sbindir}/useradd -c "WWW-proxy squid" -d %{_localstatedir}/cache/%{name} \ -g %{name} -o -u 31 -r -s /bin/false 2> /dev/null || : install -d -m 750 %{buildroot}%{_localstatedir}/{cache,log}/%{name} @@ -223,25 +159,8 @@ install -d %{buildroot}%{_prefix}/sbin # make_install make install DESTDIR=%{buildroot} SAMBAPREFIX=/usr -mv %{buildroot}{/etc/%{name}/,/usr/share/%{name}/}mime.conf.default -ln -s /etc/%{name}/mime.conf %{buildroot}%{_datadir}/%{name} # backward compatible - -#### install permissions files -###%%if 0%%{?suse_version} <= 1320 -###cp -a %%{SOURCE9} %%{name}.easy -###cp -a %%{SOURCE9} %%{name}.secure -###cp -a %%{SOURCE15} %%{name}.paranoid -###%if !0%%{?has_systemd} -###sed -i -re '/capabilities/d;s@^(/usr/sbin/pinger.*)750@\12750@g' %%{name}.easy -###sed -i -re '/capabilities/d;s@^(/usr/sbin/pinger.*)750@\12750@g' %%{name}.secure -###sed -i -re '/capabilities/d;s@^(/usr/sbin/pinger.*)750@\1750@g' %%{name}.paranoid -###%%endif - -###install -D -m 644 %%{name}.easy %%{buildroot}%%{_sysconfdir}/permissions.d/%%{name}.easy -#### pinger should be secure "enough" anyway paranoid will strip everything :) -###install -m 644 %%{name}.secure %%{buildroot}%%{_sysconfdir}/permissions.d/%%{name}.secure -###install -m 644 %%{name}.paranoid %%{buildroot}%%{_sysconfdir}/permissions.d/%%{name}.paranoid -###%%endif +mv %{buildroot}{%{_sysconfdir}/%{name}/,%{_datadir}/%{name}/}mime.conf.default +ln -s %{_sysconfdir}/%{name}/mime.conf %{buildroot}%{_datadir}/%{name} # backward compatible # install logrotate file install -D -m 644 %{SOURCE7} %{buildroot}%{_sysconfdir}/logrotate.d/%{name} @@ -266,34 +185,15 @@ for i in errors/*; do install -m 644 $i/* %{buildroot}%{_datadir}/%{name}/$i fi done -ln -sf /usr/share/%{name}/errors/de %{buildroot}%{squidconfdir}/errors +ln -sf %{_datadir}/%{name}/errors/de %{buildroot}%{squidconfdir}/errors + +# systemd service +install -D -m 644 %{SOURCE11} %{buildroot}%{_unitdir}/%{name}.service +ln -sf service %{buildroot}%{_sbindir}/rc%{name} +install -D -m644 %{SOURCE4} %{buildroot}%{_localstatedir}/adm/fillup-templates/sysconfig.%{name} # fix file duplicates -%if 0%{?suse_version} > 1030 %fdupes -s %{buildroot}%{_prefix} -%endif -%if 0%{?fedora_version} > 8 -fdupes -q -n -r %{buildroot}%{_prefix} -%endif - -%if 0%{?has_systemd} - install -D -m 644 %{SOURCE11} %{buildroot}%{_unitdir}/%{name}.service - ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name} -%else # SysVinit - # fix postrotate script for SysVinit - sed -i -re 's@/usr/bin/systemctl.*@/etc/init.d/squid reload@g' %{buildroot}%{_sysconfdir}/logrotate.d/%{name} - %if 0%{?suse_version} - install -D %{SOURCE3} %{buildroot}%{_sysconfdir}/init.d/%{name} - ln -sf %{_sysconfdir}/init.d/%{name} %{buildroot}%{_sbindir}/rc%{name} - %else # lets just assume other are rh based ones... - install -D %{SOURCE14} %{buildroot}%{_sysconfdir}/init.d/%{name} - %endif -%endif -%if 0%{?suse_version} - install -D -m644 %{SOURCE4} %{buildroot}%{_localstatedir}/adm/fillup-templates/sysconfig.%{name} -%else - install -D -m644 %{SOURCE4} %{buildroot}%{_sysconfdir}/sysconfig/%{name} -%endif %pre # we need this group for /usr/sbin/pinger @@ -306,7 +206,7 @@ if [ -z "`%{_bindir}/getent group winbind 2>/dev/null`" ]; then %{_sbindir}/groupadd -r winbind 2>/dev/null fi if [ -z "`%{_bindir}/getent passwd squid 2>/dev/null`" ]; then - %{_sbindir}/useradd -c "WWW-proxy squid" -d /var/cache/%{name} \ + %{_sbindir}/useradd -c "WWW-proxy squid" -d %{_localstatedir}/cache/%{name} \ -G winbind -g %{name} -o -u 31 -r -s /bin/false \ %{name} 2>/dev/null fi @@ -314,78 +214,36 @@ fi if [ `%{_bindir}/id -nG %{name} 2>/dev/null | grep -q winbind >/dev/null; echo $?` -ne 0 ]; then %{_sbindir}/usermod -G winbind %{name} 2>/dev/null fi - -%if 0%{?has_systemd} %service_add_pre %{name}.service -%endif %post -%if 0%{?suse_version} >= 1140 - %if 0%{?set_permissions:1} %set_permissions %{_sbindir}/pinger %set_permissions %{_sbindir}/basic_pam_auth %set_permissions %{_localstatedir}/cache/squid/ %set_permissions %{_localstatedir}/log/squid/ - %else -%run_permissions - %endif -%endif # update mode? if [ "$1" -gt "1" ]; then if [ -e etc/%{name}.conf -a ! -L etc/%{name}.conf -a ! -e etc/%{name}/%{name}.conf ]; then - echo "moving /etc/%{name}.conf to /etc/%{name}/%{name}.conf" + echo "moving %{_sysconfdir}/%{name}.conf to %{_sysconfdir}/%{name}/%{name}.conf" mv etc/%{name}.conf etc/%{name}/%{name}.conf fi # default group changed from nogroup to squid %{_sbindir}/usermod -g %{name} %{name} fi - -%if 0%{?has_systemd} +%fillup_only %service_add_post squid.service -%else - %if 0%{?suse_version} -%{fillup_and_insserv -n "squid"} - %else - /sbin/chkconfig --add squid - %endif -%endif %preun -%if 0%{?has_systemd} %service_del_preun squid.service -%else - %if 0%{?suse_version} -%stop_on_removal squid - %else - if [ $1 = 0 ] ; then - service squid stop >/dev/null 2>&1 - rm -f /var/log/squid/* - /sbin/chkconfig --del squid - fi - %endif -%endif -%if 0%{?suse_version} %verifyscript -%verify_permissions -e /usr/sbin/basic_pam_auth -%verify_permissions -e /usr/sbin/pinger -%verify_permissions -e /var/cache/squid/ -%verify_permissions -e /var/log/squid/ -%endif +%verify_permissions -e %{_sbindir}/basic_pam_auth +%verify_permissions -e %{_sbindir}/pinger +%verify_permissions -e %{_localstatedir}/cache/squid/ +%verify_permissions -e %{_localstatedir}/log/squid/ %postun -%if 0%{?has_systemd} %service_del_postun squid.service -%else - %if 0%{?suse_version} -%restart_on_update squid -%insserv_cleanup - %else - if [ "$1" -ge "1" ] ; then - service squid condrestart >/dev/null 2>&1 - fi - %endif -%endif %files %defattr(-,root,root) @@ -395,11 +253,7 @@ fi %doc doc/contrib doc/scripts %doc doc/debug-sections.txt src/%{name}.conf.default %doc %{_mandir}/man?/* -%if 0%{?has_systemd} %{_unitdir}/%{name}.service -%else -%{_sysconfdir}/init.d/%{name} -%endif %verify(not user group mode) %attr(750,%{name},root) %dir %{_localstatedir}/cache/%{name}/ %verify(not user group mode) %attr(750,%{name},root) %dir %{_localstatedir}/log/%{name}/ %dir %{squidconfdir} @@ -416,11 +270,6 @@ fi %config %{squidconfdir}/%{name}.conf.default %config %{squidconfdir}/%{name}.conf.documented %config %{_sysconfdir}/pam.d/%{name} -###%%if 0%%{?suse_version} <= 1320 -###%%config %%{_sysconfdir}/permissions.d/%%{name}.easy -###%%config %%{_sysconfdir}/permissions.d/%%{name}.secure -###%%config %%{_sysconfdir}/permissions.d/%%{name}.paranoid -###%%endif %dir %{_datadir}/%{name} %{_datadir}/%{name}/errors %{_datadir}/%{name}/icons @@ -438,7 +287,6 @@ fi %{_sbindir}/basic_ncsa_auth %{_sbindir}/basic_nis_auth %verify(not mode) %attr(2750,root,shadow) %{_sbindir}/basic_pam_auth -#{_sbindir}/basic_pam_auth %{_sbindir}/basic_pop3_auth %{_sbindir}/basic_radius_auth %{_sbindir}/basic_sasl_auth @@ -446,7 +294,6 @@ fi %{_sbindir}/basic_smb_auth.sh %{_sbindir}/cert_tool %{_sbindir}/cert_valid.pl -#{_sbindir}/digest_edirectory_auth %{_sbindir}/digest_file_auth %{_sbindir}/digest_ldap_auth %{_sbindir}/diskd @@ -465,24 +312,15 @@ fi %{_sbindir}/negotiate_wrapper_auth %{_sbindir}/ntlm_fake_auth %{_sbindir}/ntlm_smb_lm_auth -# not working %%caps(cap_net_raw=ep) -%if 0%{?has_systemd} %verify(not user group mode caps) %attr(750,root,squid) %{_sbindir}/pinger -%else -%verify(not user group mode) %attr(2750,root,squid) %{_sbindir}/pinger -%endif %{_sbindir}/%{name} %{_sbindir}/ssl_crtd %{_sbindir}/storeid_file_rewrite %{_sbindir}/unlinkd %{_sbindir}/url_fake_rewrite %{_sbindir}/url_fake_rewrite.sh -%if 0%{?suse_version} %{_sbindir}/rc%{name} %{_localstatedir}/adm/fillup-templates/sysconfig.%{name} -%else -%{_sysconfdir}/sysconfig/%{name} -%endif %dir %{_libdir}/%{name} %{_libdir}/%{name}/cachemgr.cgi